6 Secure Linux Wi-Fi Authentication Servers

FreeRADIUS, GNURadius, OpenRADIUS

November 15, 2010

By
Eric Geier

Here we'll take a look at six different open and free Remote Authentication
Dial In User Service (RADIUS) servers available for Linux (and other platforms).
You'll find something that will work for you, whether you're supporting dial-up or VPN
users, offering 802.1X for Wi-Fi security, or running VoIP. All your
Authentication, Authorization, and Accounting (AAA) needs can be met on a Linux
server.

The FreeRADIUS project was founded in June of 1999 by Miquel van Smoorenburg
and Alan DeKok. Its freely available via the GNU General Public License, Version
2 (GPLv2) for running on Linux, other Unix-like systems, and even Windows. Since
the first stable release in 2001 there have been feature improvements and bug
fixes released every couple of months. There is extensive community support via
documentation, a
Wiki,
mailing lists, and tutorials
throughout the Internet. Commercial support is also available from consulting
firms like Network RADIUS.

FreeRADIUS claims to be the world's most popular RADIUS Server. They
estimate their server is responsible for authenticating hundreds of millions of
users daily across over 50,000 sites. They claim their server provides the
AAA needs of many Fortune-500 companies and ISPs.

In addition to the actual RADIUS server, FreeRADIUS includes a BSD licensed
client library, a PAM library, an Apache module, and other administrative tools.
FreeRADIUS includes most features of other servers, plus supports EAP for
802.1X authentication for Wi-Fi security. Binary packages are downloadable for
numerous platforms, and the source code is always available.
Settings are defined text configuration files, which are well
commented and documented.

GNU Radius was started under the GNU project and had its first public
releases in 2002. Its freely available via the GNU General Public License,
Version 3 (GPLv3) and runs on Unix-like systems. The latest release was in
December of 2008. For support there are
mailing lists, an
online reference
manual, and a printed manual available for purchase.

GNU Radius supports a wide variety of authentication schemes, including
system database, internal database, SQL database and PAM authentication. It
includes some basic administration tools in addition to the server. GNU Radius
is configurable via text configuration files, similarly to FreeRADIUS.

The OpenRADIUS project released its first public version in 2001, and the
latest in 2007. Its freely available and licensed under the GNU General Public
License, Version 2 (GPLv2) and can run on Unix-like systems. Support includes
online documentation and a
mailing list.
Commercial support and custom development are also available.

OpenRADIUS offers a versatile backend interface which can get shared secrets,
authentication information, policies and user profiles from any available
external data source. It supports Unix password databases, Livingston-style
ASCII files, and LDAP directories out of the box. Flexibility is provided with a
built-in expression language. The powerful dictionary can be made to support all
types of vendor-specific attributes. The OpenRADIUS settings are defined in just
two configuration files.